aruba-0.5.1.gem: 1 vulnerabilities (highest severity is: 7.8)

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Library - aruba-0.5.1.gem</summary>


Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/ffi-1.3.1.gem



Found in HEAD commit: <a href="https://github.com/olery/github-helpers/commit/b796a1fef53fffdf990be54f950a21eac4ad72d0">b796a1fef53fffdf990be54f950a21eac4ad72d0</a></details>

## Vulnerabilities

| CVE | Severity | <img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS | Dependency | Type | Fixed in (aruba version) | Remediation Possible** |
| ------------- | ------------- | ----- | ----- | ----- | ------------- | --- |
| [CVE-2018-1000201](https://www.mend.io/vulnerability-database/CVE-2018-1000201) | <img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20> High | 7.8 | ffi-1.3.1.gem | Transitive | N/A* | &#10060; |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

## Details

<details>

<summary><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20> CVE-2018-1000201</summary>


### Vulnerable Library - ffi-1.3.1.gem

Ruby FFI library
Library home page: <a href="https://rubygems.org/gems/ffi-1.3.1.gem">https://rubygems.org/gems/ffi-1.3.1.gem</a>
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/ffi-1.3.1.gem


Dependency Hierarchy:
 - aruba-0.5.1.gem (Root Library)
 - childprocess-0.3.6.gem
 - :x: **ffi-1.3.1.gem** (Vulnerable Library)
Found in HEAD commit: <a href="https://github.com/olery/github-helpers/commit/b796a1fef53fffdf990be54f950a21eac4ad72d0">b796a1fef53fffdf990be54f950a21eac4ad72d0</a>
Found in base branch: master




### Vulnerability Details
 
 
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.

Publish Date: 2018-06-22
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2018-1000201>CVE-2018-1000201</a>




### CVSS 3 Score Details (7.8)


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Local
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: Required
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: High
 - Integrity Impact: High
 - Availability Impact: High

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.




### Suggested Fix


Type: Upgrade version
Origin: <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000201">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000201</a>
Release Date: 2018-06-22
Fix Resolution: 1.9.24






Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
</details>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aruba-0.5.1.gem: 1 vulnerabilities (highest severity is: 7.8) #3

Vulnerabilities

Details

Vulnerable Library - ffi-1.3.1.gem

Vulnerability Details

CVSS 3 Score Details (7.8)

Suggested Fix

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

aruba-0.5.1.gem: 1 vulnerabilities (highest severity is: 7.8) #3

Description

Vulnerabilities

Details

Vulnerable Library - ffi-1.3.1.gem

Vulnerability Details

CVSS 3 Score Details (7.8)

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions